You searched for the word(s): userid:223965

More Search Options

RSS Available

• What are the 'Real World' security advantages of the .Net Framework and the JVM?

  The reason I am asking this question is because the way the .Net Framework and the JVM are used in the real world, I don't see any major advantages between them and C++, ASP Classic, PHP, ...(put your favorite language/development platform here)..., etc... The bottom line, is that in the 'Real Word', most .Net Applications execute with Full Trust and most Java based applications run with the Security Manager disabled. This means that the protections and security advantages provided by the Virtual

  Posted to Security (Forum) by ddplus on 11/4/2005

• What is the level of trust that you are going to run those websites under?

  If it will be Full Trust, then make sure you understand that configuring one application pool per website is NOT the only thing you need to do in order to gain some isolation between those websites. Although it can be argued that with Full Trust real isolation (and sandboxing) is impossible to achive

  Posted to Web Hosting with IIS and ASP.NET (Forum) by ddplus on 2/12/2005

• New ANBS Tool: OWASP Asp.Net Reflector

  {as posted in the Owasp-DotNet blog: http://www.ernw.de/owasp-dotnet/PermaLink.aspx?guid=1727d444-cdbb-4d6c-b3c6-64b71328abd1} I am happy to announce the release of the first BETA version (v0.1a) of the Owasp Asp.Net Reflector (downloadable from http://www.ddplus.net/projects/ANBS_AspNet_Reflector_V0.1a.zip) Note: This tool will be soon added to the OWASP ANBS (Asp.Net Baseline Security) suite. 1) Description The Owasp Asp.net Reflector is an online tool which allows the browsing of all available

  Posted to Security (Forum) by ddplus on 11/1/2004

• New ANBS Tool: OWASP Asp.Net Reflector

  {as posted in the Owasp-DotNet blog: http://www.ernw.de/owasp-dotnet/PermaLink.aspx?guid=1727d444-cdbb-4d6c-b3c6-64b71328abd1} I am happy to announce the release of the first BETA version (v0.1a) of the Owasp Asp.Net Reflector (downloadable from http://www.ddplus.net/projects/ANBS_AspNet_Reflector_V0.1a.zip) Note: This tool will be soon added to the OWASP ANBS (Asp.Net Baseline Security) suite. 1) Description The Owasp Asp.net Reflector is an online tool which allows the browsing of all available

  Posted to Announcements (Forum) by ddplus on 11/1/2004

• ISPs in partial Trust

  Your advise "..this is not a secure scenario on a shared server..." (which of course is true), is not practical and 'implementable' in the REAL world. For example: 1) how many ISPs do you know that provide shared hosting services where ALL websites hosted in one server are configured to run in Partially trust environments? 2) how many REAL world Asp.Net projects do you know that (excluding GAC Assemblies)execute ALL assemblies and websites in Partialy trusted environments?

  Posted to Web Hosting with IIS and ASP.NET (Forum) by ddplus on 5/7/2004

• "<processModel> user=System" is very dangerous!

  hello Ivan Not wanting to point something that you might already know, but, are you aware that by doing "<processModel> where I changed the attribute user="machine" to user="System". "> you are executing your Asp.Net code with "System" priviledges? In another words: "any code that executes in that server has total control over the box and (potentially the network)" I hope you are the only one that is able to create and execute Aspx scripts

  Posted to Security (Forum) by ddplus on 11/20/2003

• Re: Username and Password in web.config

  Hello The answer to "how safe is it to store the SQL username and password into a web.config file" depends on: 1) who has developer access to that server (i.e. create webpages and Aspx code) For example, unless you securely configured your web server anybody that can execute code on the server (even if the code is executed in another website) will be able to read your web.config file. 2) how protected is the web server from the local network Answer this: do you have strong ACLs on the web

  Posted to Security (Forum) by ddplus on 11/20/2003

• Re: securing an ASP.NET application (Serviced Components)

  Hello Tony Some questions to help to understand what you are trying to do: 1) What Identities are you trying to run your layers? 2) What level or trust is Asp.Net being executed? 3) What OS is your code running under (2k or 2k3)? Best regards

  Posted to Security (Forum) by ddplus on 11/20/2003

• Re: how to change the windows password

  See several examples here: http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=asp.net+change+password

  Posted to Security (Forum) by ddplus on 11/10/2003

• Re: virus scan

  Create a new process (using WSH, WMI, W32 or .Net process object) to call your anti-virus program (command line) to check newly uploaded file. Although like douglas said, any half decent anti-virus will do a check as soon as the file is copied into the hard drive. the ideal situation would be to do the anti-virus check while the file information is stored in memory (i.e. before it is written to disk), but I'm not aware of an Anti-Virus program that can do Virus checks on files stored in memory variables

  Posted to Security (Forum) by ddplus on 11/10/2003